Configuring ForgeRock® Identity Gateway (IG-440)

The Configuring ForgeRock® Identity Gateway course is for students who want to learn how to configure ForgeRock Identity Gateway (IG) to help extend access to and protect web applications, application programming interfaces (APIs), and devices and things within an access management solution.

This course comprises a mix of instructor-led lessons and demonstrations with plenty of lab exercises to ensure an opportunity to fully understand each of the topics covered. It provides students with the necessary skills to plan, install, configure, and administer an IG deployment. The main goal of the course is to provide a thorough understanding of and hands-on experience with IG, so students can control the most important functions of and manage a successful production deployment.

Note that Revision A of this course is built on version 5.5 of IG.

Target Audiences

The following are the target audiences for this course:

System Integrators

System Consultants

System Architects

System Administrators

Web Developers

Objectives

Upon completion of this course, you should be able to:

Describe the role and use cases where IG fits within a ForgeRock Identity Platform™ solution, basic concepts of IG, and how to perform a basic installation and configuration of IG

Describe advanced configuration topics and pre-configured default objects in the IG configuration and how to apply the knowledge when building an IG project

Use IG as a policy enforcement point (PEP) to protect a given web application, where ForgeRock® Access Management (AM) is the policy decision point (PDP)

Extend IG to support logout functionality and the retrieval of user profile attributes

Configure IG in the context of OAuth2 and OpenID Connect (OIDC)

Configure IG as a Service Provider (SP) in a SAML2 federation context

Plan the different phases of an IG project, from high-level planning through detailed planning to implementation

Prerequisites

The following are the prerequisites to successfully completing this course:

Basic knowledge and skills using the Linux operating system to complete labs

Basic knowledge of HTTP and communications between clients and web applications is critical to understanding and working with IG

Chapter 1: Basic Configuration

Describe the role and use cases where IG fits within a ForgeRock Identity Platform solution, basic concepts of IG, and how to perform a basic installation and configuration of IG.

Lesson 1: Introducing ForgeRock Identity Gateway

Compare an IG-based solution with a solution using AM policy agents

Examine a request and response through IG to help understand how IG works

Describe the use cases for using IG within your identity management solution

Use IG Studio to create a simple reverse proxy route configuration of IG to monitor the related log file

Examine the lab environment configuration supporting the various IG use cases

Lesson 2: Creating a Basic IG Configuration

Describe the installation requirements and process for IG

Perform a basic installation of IG

Describe how you can use IG Studio to build or prototype routes

Build or prototype routes using IG Studio

Describe basic handlers in IG

Use the static response and HTTP client handler in the base configuration

Describe basic routing in IG

Configure IG to route with two configurations

Describe basic Filters in IG

Configure IG filters to intercept requests and responses

Chapter 2: Advanced Configuration

Describe advanced configuration topics and pre-configured default objects in the IG configuration and how to apply the knowledge when building an IG project.

Lesson 1: Enhancing the Default Configuration Objects

Describe how the AdminHttpApplication and GatewayHttpApplication classes initialize IG

Use JWT sessions to capture state and store as a cookie

Lesson 2: Attaching Decorators to Configuration Objects

Describe the default CaptureDecorator

Test the default CaptureDecorator

Configure a decorator in a route

Lesson 3: Monitoring, Logging, and Auditing in IG

Describe monitoring in IG

Describe the audit framework and how IG manages audit messages

Capture and store audit data

Describe how you can manage logging events in IG

Change log levels and capture areas

Lesson 4: Extending IG with Scripts

Describe the scripting framework for extending IG functionality

Add a script through IG Studio

Implement a ScriptableHandler

Prepare a development environment for scripting

Use existing scripts to extend IG functionality (optional)

Chapter 3: IG as a PEP to Protect an Application

Use IG as a policy enforcement point to protect a given web application, where AM is the policy decision point, and extend IG to support logout functionality and the retrieval of user profile attributes.

Lesson 1: Configuring IG as a Basic PEP

Describe the use cases for configuring IG as a PEP and explain the AM requirements for a policy decision

Configure IG as a PEP to enforce policy decisions from AM

Add advanced options to the PEP filter using a custom handler to handle authorization failure, result caching, and AM policy enforcement

Lesson 2: Extending IG as a Basic PEP

Configure IG to not enforce authorization on common extensions

Add a log out function using a ScriptableFilter and custom Groovy script

Chapter 4: IG with OAuth 2.0 and OpenID Connect 1.0

Configure IG in the context of OAuth2 and OpenID Connect (OIDC).

Lesson 1: Configuring IG in the Role of an OAuth2 Resource Server

Describe the use cases for configuring IG in the role of an OAuth2 resource server

Briefly describe how OAuth2 works in relation to IG

Examine the supporting AM configurations necessary for integrating with IG

Configure IG in the role of an OAuth2 resource server

Test the OAuth2 flow with IG

Lesson 2: Configuring IG as an OIDC Relying Party

Describe the use cases for IG as a relying party and how OIDC works in relation to IG

Examine the supporting AM configurations necessary for integrating with IG

Configure IG as a relying party

Test the minimal flow and examine the route configuration

Examine the route configuration of IG

Prepare for and test the extended configuration

Chapter 5: IG as a SAML2 Service Provider

Configure IG as an SP in a SAML2 federation context.

Lesson 1: Configuring IG as SAML2 SP

Describe the use cases for using IG as an SP and how SAML2 works in relation to IG

Configure IG as a SAML2 Service Provider to support SP-initiated single sign-on (SSO)